Microsoft Catches Russian Government Hackers Phishing with Teams Chat App
Software giant Microsoft on Wednesday sounded an alarm after catching a known Russian government-linked hacking group using its Microsoft Teams chat app to phish for credentials at targeted organizations. According to a research report from Redmond's Threat Intelligence team, the hacking team is linked to the Foreign Intelligence Service of the Russian Federation (also known as the SVR). READ MORE...
Over 640 Citrix servers backdoored with web shells in ongoing attacks
Hundreds of Citrix Netscaler ADC and Gateway servers have already been breached and backdoored in a series of attacks targeting a critical remote code execution (RCE) vulnerability tracked as CVE-2023-3519. The vulnerability was previously exploited as a zero-day to breach the network of a U.S. critical infrastructure organization. Security researchers from the Shadowserver Foundation have disclosed that attackers had deployed web shells on at least 640 Citrix servers in these attacks. READ MORE...
Russian APT 'BlueCharlie' Swaps Infrastructure to Evade Detection
In a futile attempt to evade detection, the Russian espionage group "BlueCharlie" has swapped out all of its old infrastructure for a network of 94 new domains. BlueCharlie - aka "Calisto," "COLDRIVER," "SEABORGIUM," and "StarBlizzard" - is a threat actor linked to groups that have been active since at least 2017. In the past, it has targeted organizations across the government, defense, education, and political sectors, as well as NGOs, think tanks, and journalists. READ MORE...
How Malicious Android Apps Slip Into Disguise
Researchers say mobile malware purveyors have been abusing a bug in the Google Android platform that lets them sneak malicious code into mobile apps and evade security scanning tools. Google says it has updated its app malware detection mechanisms in response to the new research. At issue is a mobile malware obfuscation method identified by researchers at ThreatFabric, a security firm based in Amsterdam. READ MORE...
The Need for Trustworthy AI
If you ask Alexa, Amazon's voice assistant AI system, whether Amazon is a monopoly, it responds by saying it doesn't know. It doesn't take much to make it lambaste the other tech giants, but it's silent about its own corporate parent's misdeeds. When Alexa responds in this way, it's obvious that it is putting its developer's interests ahead of yours. Usually, though, it's not so obvious whom an AI system is serving. READ MORE...
Minecraft fans beware: Players and servers at risk from BleedingPipe vulnerability
Minecraft players interested in modding are potentially at risk of compromise. A Remote Code Execution (RCE) vulnerability in certain Minecraft mods allows for malicious commands on both servers and clients. The vulnerability, named BleedingPipe, allows attackers to take over a targeted server. Minecraft modding is immensely popular, with a potentially huge number of servers in the wild doing their own thing. There's a custom game type or world state for everybody. READ MORE...
Tesla Jailbreak Unlocks Theft of In-Car Paid Features
Tesla cars are susceptible to a nearly irreversible jailbreak of their onboard infotainment systems that would allow owners to unlock a bevy of paid in-car features for free. The stolen perks can run the gamut from better bandwidth to faster acceleration and heated seats, according to a team of academic researchers. The researchers also found that it's also possible to escape the infotainment system and pivot to the internal Tesla network for authenticating cars. READ MORE...
Salesforce Email Service Zero-Day Exploited in Phishing Campaign
Threat actors have exploited a Salesforce zero-day vulnerability and abused Meta features in a sophisticated phishing campaign, according to web browsing security company Guardio. Attackers sent out legitimate-looking emails designed to lure targeted users to a phishing page where they were instructed to hand over their Facebook account information, including their name, account name, email address, phone number, and password. READ MORE...
- ...in 1492, Christopher Columbus leaves Spain on his voyage to the new world.
- ...in 1807, former Vice President Aaron Burr is put on trial for treason, after leading a secessionist plot to take over the western territories.
- ...in 1958, the first nuclear submarine, USS Nautilus, passes under the North Pole.
- ...in 1977, Tandy unveils the TRS-80 PC, which with Apple and Commodore would form the "1977 Trinity" of affordable home computers.
